On Fri, Mar 29, 2024 at 3:50 PM Oliver Webb <aquahobby...@proton.me> wrote:
>
> > > ah, crap, that's another thing to put on the riscv64 to-do list...
> > > (thanks for bringing that to light!)
> >
> > so, TIL that upstream already added a risc-v bcj implementation...
>
> I always thought that the xz decompressor we use in toybox ("xz-embedded") and the main
> one (the one with the CVE) were different projects (separate git repos, one is much slower
> than the other, etc). That being said, there are 0BSD licensed parts in the xz repo
> (one of SIX different licenses).

different repo, same maintainers.

> > (rob will of course be delighted to hear of systemd's involvement in
> > the exploit chain :-) )
>
> Who would've known that an over-complicated, extremely large hairball with a massive dependency chain
> that tries to consume _everything_ makes it easy to perform exploits.
>
> -   Oliver Webb <aquahobby...@proton.me>
>
_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net